1. Introduction
Carrier Compliance Group LLC (doing business as “Carrier Compliance HQ,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at www.carriercompliancehq.com or use our services.
We serve motor carriers and owner-operators across the United States. This Policy is designed to comply with applicable federal law and the comprehensive state privacy laws of all U.S. states that have enacted such legislation, including but not limited to those listed in Section 9 below.
This Policy applies to personal information we collect from individuals acting on behalf of a motor carrier, owner-operator, company, or other business customer. To the extent information relates solely to a business entity and is not personal information under applicable law, it may not be subject to the rights described in this Policy. We process personal information primarily to provide business-to-business filing and compliance support services requested by our customers.
By using our Services, you consent to the practices described in this Privacy Policy.
2. Information We Collect
2.1 Information You Provide Directly
We collect personal information that you voluntarily provide when you register, place an order, or use our services, including:
- Full legal name and business name
- Mailing address and business address
- Email address and phone number
- Employer Identification Number (EIN) / Federal Tax ID
- USDOT Number and MC Number
- Vehicle and equipment information
- Insurance information (carrier name, policy number, coverage amounts)
- Payment information (processed securely by our payment processor — we do not store full card numbers)
Sensitive Information Notice: EIN
We do not collect Social Security Numbers (SSNs). We may collect your Employer Identification Number (EIN) solely for the purpose of completing required government filings on your behalf (e.g., FMCSA MC Authority applications, USDOT registrations). Your EIN is transmitted securely, is not shared with third parties except as required for government filings, and is not retained in our systems longer than necessary to fulfill your service request. We do not use your EIN for advertising purposes.
We may also collect names, titles, contact information, account identifiers, authorization records, electronic signatures, checkbox acknowledgments, uploaded documents, agency correspondence, filing confirmations, deadline information, and other information submitted by or about authorized users, company officials, drivers, vehicles, insurance, filings, registrations, licenses, permits, and compliance workflows. If we collect government portal access information for a limited service purpose, we use it only as authorized by the customer and only for the requested workflow; do not provide credentials unless you are legally authorized to do so.
2.2 Information Collected Automatically
When you visit our website, we may automatically collect:
- IP address and approximate geographic location
- Browser type and version
- Device type and operating system
- Pages visited and time spent on pages
- Referring URL
- Cookies, pixels, and similar tracking technologies, including analytics and advertising technologies described in Section 8
2.3 Information from Third Parties
We may receive information about you from third parties such as payment processors, analytics providers, advertising networks, and publicly available sources (e.g., FMCSA public records).
3. How We Use Your Information
We use your personal information to:
- Provide, process, and complete the services you request
- Prepare and submit government filings on your behalf
- Communicate with you about your filings, account, and our services
- Send transaction confirmations and status updates
- Process payments and refunds
- Respond to your inquiries and provide customer support
- Improve our website and services
- Market our services, including through interest-based (targeted) advertising as described in Section 8
- Comply with legal obligations
- Prevent fraud and ensure security
We may also use information to verify authorization, document customer consent, prepare drafts, coordinate filing workflows, communicate with agencies and third-party providers, track renewals, generate reminders, maintain compliance records, prevent unauthorized use, investigate disputes, defend legal claims, enforce our Terms of Service, and comply with recordkeeping, tax, accounting, regulatory, and legal obligations.
4. SMS / Text Message Communications
SMS Consent
By providing your mobile phone number and checking the consent box on our intake forms, you expressly consent to receive text messages (SMS) from Carrier Compliance HQ regarding your filings, account status, and service updates. Message and data rates may apply. Message frequency varies.
To opt out, reply STOP to any text message. To request help, reply HELP. You may also opt out by contacting us at hello@carriercompliancehq.com.
We do not share your mobile number with third parties for their marketing purposes.
5. How We Share Your Information
We do not sell your personal information in exchange for money. However, like many businesses, we use third-party advertising cookies and pixels on our website, and the resulting disclosure of certain information (such as identifiers, device information, and internet activity) to advertising partners may be considered a “sale” or “sharing” of personal information under some state privacy laws. You have the right to opt out of these disclosures — see Sections 8.1 and 9 below.
We may share your information in the following circumstances:
Government Agencies
We share information with the FMCSA, USDOT, and other applicable agencies as required to complete your requested filings.
Service Providers
We share information with trusted third-party service providers who assist us in operating our business, including payment processors, cloud hosting providers, and communications platforms. These providers are contractually obligated to protect your information.
Authorized Filing Disclosures
When you request Services, you authorize us to disclose information as reasonably necessary to prepare, coordinate, submit, monitor, verify, troubleshoot, or support the requested filing, registration, renewal, update, designation, or compliance workflow. This may include disclosure to government agencies, process agents, insurers, payment processors, communications providers, hosting providers, contractors, professional advisers, and other third parties involved in the requested workflow. We are not responsible for the privacy, security, retention, or use practices of government agencies or third parties after information is submitted to them, except to the extent required by applicable law.
Advertising Partners
We work with third-party advertising partners (currently Google, for Google Ads and Google Analytics) that collect identifiers, device information, and internet activity through cookies and pixels on our website in order to deliver advertisements for our services that may be relevant to you, measure ad performance, and build audiences (“targeted advertising” or “cross-context behavioral advertising”). These partners may combine this information with information collected from other websites. We do not provide advertising partners with your filing information, EIN, insurance information, or other account data you submit for service fulfillment — only website browsing data collected through cookies and pixels. You may opt out at any time as described in Sections 8.1 and 9.
We do not sell or share the personal information of consumers we know to be under 16 years of age.
Legal Requirements
We may disclose your information if required by law, subpoena, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
6. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements:
- Filing information and related documents: Minimum five (5) years.
- Payment records: Seven (7) years in accordance with tax and accounting requirements.
- Website usage, analytics, and advertising data: Retained for as long as reasonably necessary for the purposes described in this Policy, up to seven (7) years from collection, after which it is deleted, aggregated, or anonymized.
- EIN: Used solely to complete your filing and not retained in our systems beyond what is necessary to do so. We do not collect or store Social Security Numbers.
We may retain authorization records, filing records, communications, transaction records, audit logs, and consent records for as long as reasonably necessary to provide Services, demonstrate authorization, resolve disputes, defend or bring legal claims, comply with legal obligations, and enforce our agreements; retention may vary by filing type, agency requirements, limitation periods, and dispute status. Where legally permissible, we may retain de-identified, aggregated, or anonymized information indefinitely.
7. Data Security
We implement commercially reasonable administrative, technical, and physical security measures, including:
- Secure HTTPS encryption for all data transmission
- Encrypted storage of sensitive information
- Access controls limiting who can access your data
- Regular security assessments
No method of electronic storage or transmission is completely secure. If you believe your information has been compromised, contact us immediately at hello@carriercompliancehq.com.
You are responsible for maintaining the confidentiality and security of your account credentials, authorized users, email accounts, phone numbers, devices, agency portals, and access permissions. We are not responsible for unauthorized access, disclosure, delay, loss, or misuse caused by compromised credentials, shared accounts, incorrect contact information, failure to remove unauthorized users, insecure devices, email forwarding rules, third-party systems, or actions of persons acting under your authority.
8. Cookies and Tracking Technologies
We use cookies, pixels, and similar technologies in the following categories:
- Essential cookies — required for the website and dashboard to function (e.g., login sessions, security). These cannot be disabled.
- Analytics cookies — help us understand how visitors use our website so we can improve it (e.g., Google Analytics, deployed via Google Tag Manager).
- Advertising cookies and pixels — used by our advertising partners (currently Google Ads) to deliver and measure ads for our services and to build advertising audiences. Disclosure of information through these technologies may constitute “sharing” or a “sale” under some state laws, and you may opt out as described below.
You can control cookies through your browser settings; disabling certain cookies may affect functionality. To opt out of targeted advertising specifically, use any of the methods in Section 8.1 or submit a request under Section 9.
8.1 Do Not Track and Opt-Out Preference Signals
Some browsers transmit “Do Not Track” (DNT) signals. Because no uniform industry standard for DNT has been adopted, we do not respond to DNT signals. However, we do honor recognized opt-out preference signals, such as Global Privacy Control (GPC): if your browser or extension transmits a GPC signal, we will treat it as a valid request to opt out of the sale or sharing of personal information collected from that browser, as required by applicable law (including in California, Colorado, Texas, and Oregon).
You may also opt out of targeted advertising at any time by:
1. Enabling Global Privacy Control in your browser or browser extension;
2. Emailing hello@carriercompliancehq.com with the subject line “Opt-Out Request”; or
3. Using industry opt-out tools at optout.aboutads.info and optout.networkadvertising.org.
9. Your Privacy Rights — State-Specific
Depending on your state of residence, you may have specific privacy rights under applicable state law. This section describes your rights by jurisdiction. To exercise any of these rights, please contact us at hello@carriercompliancehq.com with your state of residence and the right(s) you wish to exercise. We will respond within the timeframe required by your state’s law.
9.1 California — CCPA / CPRA (Cal. Civ. Code § 1798.100 et seq.)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following rights:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, used, disclosed, or sold about you, and the purposes for which it was used.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, completing transactions).
- Right to Correct: Request correction of inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale/Sharing: Our use of third-party advertising cookies and pixels may constitute “sharing” (and in some cases a “sale”) of personal information under the CCPA. You have the right to opt out at any time using any of the methods in Section 8.1, including via a Global Privacy Control signal, which we honor. We do not sell or share sensitive personal information, and we do not sell or share the personal information of consumers we know to be under 16.
- Right to Limit Use of Sensitive Personal Information: You may direct us to limit our use of sensitive personal information (such as your EIN) to what is necessary to provide the requested services.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
Response time: 45 calendar days (extendable by an additional 45 days with notice). California residents may also authorize an agent to submit requests on their behalf.
9.2 Virginia — VCDPA (Va. Code § 59.1-575 et seq.)
Virginia residents have the following rights under the Virginia Consumer Data Protection Act:
- Right to Access: Confirm whether we process your personal data and access that data.
- Right to Correction: Correct inaccuracies in your personal data.
- Right to Deletion: Request deletion of personal data you have provided or we have collected.
- Right to Data Portability: Obtain a copy of your personal data in a portable format.
- Right to Opt-Out: Opt out of the processing of personal data for targeted advertising, sale, or profiling in furtherance of decisions with legal or similarly significant effects. We process personal data for targeted advertising as described in Sections 5 and 8; you may opt out using the methods in Section 8.1.
Response time: 45 days (extendable by 45 days). If we deny your request, you may appeal by emailing hello@carriercompliancehq.com with the subject line ‘VCDPA Appeal.’ If your appeal is denied, you may contact the Virginia Attorney General.
9.3 Colorado — CPA (C.R.S. § 6-1-1301 et seq.)
Colorado residents have the following rights under the Colorado Privacy Act:
- Right to Access: Confirm whether we process your personal data and receive a copy.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data we hold about you.
- Right to Data Portability: Obtain personal data in a portable, readily usable format.
- Right to Opt-Out: Opt out of processing for targeted advertising, sale of personal data, or profiling. We honor universal opt-out mechanisms, including Global Privacy Control (see Section 8.1).
Response time: 45 days (extendable by 45 days). Appeals may be submitted by emailing hello@carriercompliancehq.com with the subject line ‘CPA Appeal.’ Unresolved appeals may be directed to the Colorado Attorney General.
9.4 Connecticut — CTDPA (Conn. Gen. Stat. § 42-515 et seq.)
Connecticut residents have the following rights under the Connecticut Data Privacy Act:
- Right to Access: Confirm processing and access personal data.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Request deletion of personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of targeted advertising, sale, or profiling for decisions with significant effects. You may opt out using the methods in Section 8.1, including via Global Privacy Control.
Response time: 45 days (extendable by 45 days). Appeal rights available; unresolved appeals may be directed to the Connecticut Attorney General.
9.5 Utah — UCPA (Utah Code § 13-61-101 et seq.)
Utah residents have the following rights under the Utah Consumer Privacy Act:
- Right to Access: Confirm processing and access personal data.
- Right to Deletion: Request deletion of personal data you provided.
- Right to Data Portability: Obtain a copy of personal data in a portable format.
- Right to Opt-Out: Opt out of the sale of personal data or targeted advertising (see Section 8.1).
Response time: 45 days (extendable by 45 days).
9.6 Texas — TDPSA (Tex. Bus. & Com. Code § 541.001 et seq.)
Texas residents have the following rights under the Texas Data Privacy and Security Act:
- Right to Access: Confirm processing and access personal data.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of targeted advertising, sale of personal data, or profiling. We honor Global Privacy Control signals (see Section 8.1).
Response time: 45 days (extendable by 45 days). Appeal rights available; unresolved appeals may be directed to the Texas Attorney General.
9.7 Oregon — OCPA (ORS § 646A.570 et seq.)
Oregon residents have the following rights under the Oregon Consumer Privacy Act:
- Right to Access: Confirm processing and obtain a list of third parties to whom personal data has been disclosed.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of targeted advertising, sale, or profiling. We recognize universal opt-out mechanisms, including Global Privacy Control (see Section 8.1).
Response time: 45 days (extendable by 45 days).
9.8 Montana — MCDPA (Mont. Code Ann. § 30-14-3301 et seq.)
Montana residents have the following rights under the Montana Consumer Data Privacy Act:
- Right to Access: Confirm processing and access personal data.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of targeted advertising, sale, or profiling (see Section 8.1).
Response time: 45 days (extendable by 45 days).
9.9 Delaware — DPDPA (Del. Code tit. 6, § 12D-101 et seq.)
Delaware residents have the following rights under the Delaware Personal Data Privacy Act:
- Right to Access: Confirm processing and access personal data.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of targeted advertising, sale, or profiling (see Section 8.1).
Response time: 45 days (extendable by 45 days).
9.10 Iowa — ICDPA (Iowa Code § 715D.1 et seq.)
Iowa residents have the following rights under the Iowa Consumer Data Protection Act:
- Right to Access: Confirm processing and access personal data.
- Right to Deletion: Delete personal data you provided.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of the sale of personal data or targeted advertising (see Section 8.1).
Response time: 90 days (extendable by 45 days).
9.11 New Hampshire — NHDPA (RSA Chapter 507-H)
New Hampshire residents have the following rights under the New Hampshire Data Privacy Act:
- Right to Access: Confirm processing and access personal data.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of targeted advertising, sale, or profiling (see Section 8.1).
Response time: 45 days (extendable by 45 days).
9.12 New Jersey — NJDPA (N.J.S.A. 56:8-166.4 et seq.)
New Jersey residents have the following rights under the New Jersey Data Privacy Act:
- Right to Access: Confirm processing and access personal data.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of targeted advertising, sale, or profiling with significant effects (see Section 8.1).
Response time: 45 days (extendable by 45 days). Appeal rights available.
9.13 Tennessee — TIPA (Tenn. Code Ann. § 47-18-3201 et seq.)
Tennessee residents have the following rights under the Tennessee Information Protection Act:
- Right to Access: Confirm processing and access personal data.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of targeted advertising, sale, or profiling (see Section 8.1).
Response time: 45 days (extendable by 45 days).
9.14 Minnesota — MCDPA (Minn. Stat. § 325O.01 et seq.)
Minnesota residents have the following rights under the Minnesota Consumer Data Privacy Act:
- Right to Access: Confirm processing and access personal data.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to a List of Third Parties: Obtain a list of the specific third parties to which we have disclosed your personal data.
- Right to Opt-Out: Opt out of targeted advertising, sale, or profiling (see Section 8.1).
- Right to Question Automated Decisions: Question and obtain a human review of decisions made solely by automated processing that produce legal or similarly significant effects.
Response time: 45 days (extendable by 45 days).
9.15 Maryland — MODPA (Md. Code, Com. Law § 14-4601 et seq.)
Maryland residents have the following rights under the Maryland Online Data Privacy Act:
- Right to Access: Confirm processing and access personal data.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of targeted advertising, sale, or profiling (see Section 8.1).
Response time: 45 days (extendable by 45 days).
9.16 Nebraska — NDPA (Neb. Rev. Stat. § 87-1001 et seq.)
Nebraska residents have the following rights under the Nebraska Data Privacy Act:
- Right to Access: Confirm processing and access personal data.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of targeted advertising, sale, or profiling (see Section 8.1).
Response time: 45 days (extendable by 45 days).
9.17 Indiana — IDCPA (Ind. Code § 24-15-1-1 et seq.)
Indiana residents have the following rights under the Indiana Consumer Data Protection Act:
- Right to Access: Confirm processing and access personal data.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of targeted advertising, sale, or profiling (see Section 8.1).
Response time: 45 days (extendable by 45 days).
9.18 Kentucky — KCDPA (KRS § 367.3611 et seq.)
Kentucky residents have the following rights under the Kentucky Consumer Data Protection Act:
- Right to Access: Confirm processing and access personal data.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of targeted advertising, sale, or profiling (see Section 8.1).
Response time: 45 days (extendable by 45 days).
9.19 Rhode Island — RIDTPPA (R.I. Gen. Laws § 6-48.1-1 et seq.)
Rhode Island residents have the following rights under the Rhode Island Data Transparency and Privacy Protection Act:
- Right to Access: Confirm processing and access personal data.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of targeted advertising or sale of personal data (see Section 8.1).
Response time: 45 days (extendable by 45 days).
9.20 Nevada — NRS Chapter 603A / SB 220
Nevada residents have the right to opt out of the sale of certain covered information under Nevada Revised Statutes Chapter 603A and Senate Bill 220. We do not sell covered information for monetary consideration as defined by Nevada law. Nevada residents may nonetheless submit a verified opt-out request by emailing hello@carriercompliancehq.com with the subject line ‘Nevada Opt-Out Request,’ and we will honor it should our practices change.
9.21 Illinois — BIPA / IDCPA
Illinois residents are protected by the Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14/) and applicable provisions of the Illinois Personal Information Protection Act (815 ILCS 530/).
Important: Carrier Compliance HQ does NOT collect, capture, purchase, receive through trade, or otherwise obtain biometric identifiers or biometric information (as defined under BIPA, including fingerprints, retina scans, voiceprints, or face geometry scans). If this changes, we will update this Policy and implement full BIPA-compliant procedures including written consent and a publicly available retention/destruction policy.
For breaches of Illinois personal information (as defined under 815 ILCS 530), we will notify affected Illinois residents in accordance with 815 ILCS 530/10.
9.22 Arkansas — APDPA (effective July 1, 2026)
Beginning July 1, 2026, Arkansas residents have the following rights under the Arkansas Personal Data Protection Act:
- Right to Access: Confirm processing and access personal data.
- Right to Correction: Correct inaccurate personal data.
- Right to Deletion: Delete personal data.
- Right to Data Portability: Obtain personal data in a portable format.
- Right to Opt-Out: Opt out of targeted advertising or the sale of personal data (see Section 8.1).
Response time: 45 days (extendable by 45 days).
9.23 Submitting a Privacy Rights Request
To exercise any rights described in this Section 9:
1. Email us at hello@carriercompliancehq.com with subject line: ‘Privacy Rights Request — [Your State]’
2. Provide your full name, email address used with our services, your state of residence, and the specific right(s) you wish to exercise.
3. We may need to verify your identity before processing your request.
4. We will respond within the timeframe required by your state’s applicable law.
We will not discriminate against you for exercising any privacy rights.
10. Children’s Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children, and we do not sell or share the personal information of consumers we know to be under 16 years of age. If we learn that we have collected personal information from a child under 18, we will promptly delete it.
11. Third-Party Websites
Our website may contain links to third-party websites, including government agency websites. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party sites you visit.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time as new state privacy laws take effect or our practices change. We will notify you of material changes by posting the updated policy on our website with a new effective date. The current policy will always be available at www.carriercompliancehq.com/privacy.
13. Governing Law
This Privacy Policy is governed by the laws of the State of Illinois. State-specific rights described in Section 9 are governed by the applicable laws of each respective state. Disputes arising under this policy are subject to the dispute resolution provisions in our Terms of Service. Nothing in this Policy limits rights that cannot legally be waived under applicable privacy, consumer protection, or data breach notification laws.
14. Contact — Privacy Inquiries
For questions, concerns, or to exercise your privacy rights:
Carrier Compliance Group LLC
Attention: Privacy
Email: hello@carriercompliancehq.com
Website: www.carriercompliancehq.com